from the bogus-moral-high-ground dept

We've noted several times how launching cyberwar (or real war) on Russia over the recent spike in hack attacks is a notably idiotic idea. One, the United States effectively wrote the book on hacking other countries causing all manner of harm (hello, Stuxnet), making the narrative that we're somehow defending our honor from shady international operatives foundationally incorrect. And two, any hacker worth his or her salt either doesn't leave footprints advertising their presence, or may conduct false flag operations raising the risk of attacking the wrong party.

"We obviously will ensure that a U.S. response is proportional. It is unlikely that our response would be announced in advanced. It’s certainly possible that the president could choose response options that we never announce," Earnest told reporters aboard Air Force One.
"The president has talked before about the significant capabilities that the U.S. government has to both defend our systems in the United States but also carry out offensive operations in other countries," he added. "There are a range of responses that are available to the president and he will consider a response that’s proportional."

Yet somehow, once countries began hacking us back, we responded with indignant and hypocritical pouting and hand-wringing. But the reality is we are not some unique, special snowflake on the moral high ground in this equation: we've historically been the bully, and nationalism all too often blinds us to this fact. Long a nation driven to war by the weakest of supporting evidence, hacking presents those in power with a wonderful, nebulous new enemy, useful in justifying awful legislation, increased domestic surveillance authority, and any other bad idea that can be shoe-horned into the "because... cybersecurity" narrative.

And as we're witnessing in great detail, hacking has played a starring role in this nightmarish election, with Donald Trump giving every indication he intends to only ramp up nation state hacking as a core tenet of his idiocracy, and Hillary Clinton lumping Russia, hackers, and WikiLeaks into one giant, amorphous and villainous amoeba to help distract us from what leaked information might actually say about the sorry state of the republic.

Media needs to stop treating Wikileaks like it is same as FOIA. Assange is colluding with Russian government to help Trump.

We're wandering into extremely dangerous territory here. As we saw with Stuxnet's impact on companies like Chevron, the United States' hacking behavior has had very real, negative repercussions for innocent third parties around the globe. Operating from the belief that we're somehow nobly defending ourselves is a falsehood the media consistently perpetuates, making this kind of dangerous digital saber rattling easier than ever for those in power. The U.S. press and public can no longer afford to be so viciously naive as 2016 stumbles drunkenly to its welcome conclusion and hacking becomes the bogeyman du jour for the next administration.

from the 'I'll-take-the-credit-but-not-the-responsibility.' dept

Nearly a half-century to the day after President Lyndon B. Johnson reluctantly signed the Freedom of Information Act (FOIA) into law, granting the public the right to access federal government records, President Barack Obama signed into law a historic FOIA reform bill that aims to make it easier for the public to file FOIA requests and obtain government documents.

While this is cause for some celebration, let's not overlook what's actually happened here. Obama has signed a bill he can saddle his successors with. Neither leading candidate seems particularly amenable to openness and transparency -- not Donald Trump with his big ideas on how to change laws to make things better for him rather than for the nation, and not Hillary Clinton, who set up her own email server to route around FOIA requests.

What this one-foot-out-the-door signing does is provide the Obama Administration with a last-minute burnishing of its transparency record -- a brief hat tip to openness as he exits office with a largely-unearned reputation for government accountability.

Moving past the negatives, the new law institutes some interesting new measures, including the somewhat controversial "release to one, release to all" policy. This will provide for the public release -- via agency websites -- of any documents obtained by any FOIA requester. This is good news for the public, which won't have to rely on news agencies for controlled release of FOIAed documents. For news agencies, and the journalists putting in the effort to ask the right questions and push agencies into compliance with requests, this undercuts any level of "exclusivity" they may have used to attract more readers.

"In addition to the feedback OIP [Office of Information Policy] received directly, several journalists wrote about the pilot and voiced their potential concerns with the adoption of this policy," the report said. "The thrust of many of the journalists' concerns, although not always exactly the same, was an unease that posting the records requested by journalists without giving them any lead time with sole access to the records, could take away their 'scoop' or 'exclusive' story. Additionally, there were concerns that routine posting of FOIA- processed records would act as a disincentive for journalists to use the FOIA given that they often invest considerable time and resources into building a story and those efforts would be impacted by loss of the ability to be the first with access to the requested records. At the same time, there were others in the community of journalists who applauded the idea of agencies posting all FOIA responses."

FOIA warrior Jason Leopold is one of many who have commented on this policy, requesting a "lead time" of one week between the requester obtaining the documents and full release to the public. This is not an unreasonable request -- especially when Leopold works for sites like Vice which posts documents it receives when it reports on them. Other news agencies -- far too many to count/name-and-shame -- do not publish the documents they obtain, forcing readers to accept their interpretation of the content.

In terms of the greater public good, the new policy is the better policy, even if it contains the potential to strip away exclusivity. The Freedom of Information Act's purpose is to make the government more transparent and accountable, not act as a lead generator for news agencies. Journalistic agencies are also a huge contributor to holding the government accountable, so it's difficult to flatly state that FOIA enthusiasts like Leopold should just suck it up and deal with the new reality. But it's also impossible to ignore the fact that windowed releases of FOIA docs is just another form of gatekeeping that separates the public from its public servants, even if the separation is only temporary.

Also of note is the law's revamping of Exemption B(5), which is a current government favorite:

The bill radically overhauls one of the FOIA's most abused and overused exemptions: B5, referred to by open government advocates as the "withhold it because you can" exemption. Currently, when government agencies cite B5, which applies to internal deliberations and attorney-client privileged communications, government agencies can withhold records under that exemption forever. Under the FOIA Improvement Act, however, government agencies can withhold records pertaining to internal deliberations for only 25 years. Attorney-client privilege records, which also fall under B5, will not be part of the reform.

And, because the process of filing a FOIA request is often less than straightforward, the law provides for the creation of a single FOIA request portal -- one that will hopefully streamline the process and allow for easier tracking of submitted requests.

Undoubtedly, agencies are already working on ways to comply with the new law without actually being more open and transparent. Certain agencies -- like the Office of the Director of National Intelligence and the DOJ -- will be sure to use the new "release to all" policy to "scoop" journalists who have spent years (and possibly thousands of dollars in fees/litigation expenses) forcing embarrassing documents out of their hands by dumping these into the public's lap prior to news agencies' publication dates. This is a net win for the general public, but it also creates a route for agencies to act out of sheer vindictiveness.

from the punting dept

Senators Dianne Feinstein and Richard Burr have been talking about legislation that forces tech companies to help law enforcement break into encrypted devices for quite a while now. Nearly a month ago, they suggested it was almost ready to be formally introduced, but indicated that the White House's response would determine when exactly that happened.

Although the White House has reviewed the text and offered feedback, it is expected to provide minimal public input, if any, the sources said.

Its stance is partly a reflection of a political calculus that any encryption bill would be controversial and is unlikely to go far in a gridlocked Congress during an election year, sources said.

A White House spokesman declined to comment on the pending legislation, but referred to White House press secretary Josh Earnest's statements on encryption legislation. Last month, Earnest said the administration is "skeptical" of lawmakers' ability to resolve the encryption debate given their difficulty in tackling "simple things."

This isn't entirely surprising, as the administration has suggested it won't support such legislation since as far back as September when a leaked document outlined their options for responding to the debate. That document, too, seemed primarily concerned with "political calculus" and what the reaction would be in the public and congress to different versions of "not supporting" the bill, ranging from standing up for the actual truth to punting on the whole issue. In October, they decided to stay silent, though the President has since trotted out the same problematic arguments about compromise and absolutism that we've heard from many politicians.

Now, with the issue refusing to die and Burr and Feinstein's bill perpetually on the horizon, it looks like the White House is going to stick to its silence with "minimal public input" and see what happens. Given the current political climate, and the fact that any such bill almost certainly doesn't stand a chance of passing, this isn't exactly shocking — but it's still disappointing. As we noted last year, when your options include "take a clear stance on the right side of the issue", you shouldn't really need to consider alternatives. The President's open disapproval may not be necessary to prevent the bill from moving forward, but it would go a long way to convincing technology companies and the privacy-aware public that the administration genuinely understands the issue and will fight for what's right.

from the well,-duh dept

We've been among those who have pointed out how laughable the Obama administration's claims to be "the most transparent administration in history" are, when, from nearly every angle, it appears that the Obama administration is ridiculously secretive -- beyond any previous administration. So, it's interesting to see that it's not just us who thinks that. The NYT's executive editor, Jill Abramson, who worked in Washington DC for decades, has noted that the Obama administration is, by far, the most secretive she's ever dealt with.

"I would say it is the most secretive White House that I have ever been involved in covering, and that includes — I spent 22 years of my career in Washington and covered presidents from President Reagan on up through now, and I was Washington bureau chief of the Times during George W. Bush's first term," Abramson told Al Jazeera America in an interview that will air on Sunday.

"I dealt directly with the Bush White House when they had concerns that stories we were about to run put the national security under threat. But, you know, they were not pursuing criminal leak investigations," she continued. "The Obama administration has had seven criminal leak investigations. That is more than twice the number of any previous administration in our history. It's on a scale never seen before. This is the most secretive White House that, at least as a journalist, I have ever dealt with."

I guess that's what happens when you declare that whistleblowers are "aiding the enemy" even as you pretend to support them. Your administration clams up.

Whenever this issue comes up, I keep going back to the speculation from Daniel Ellsberg a few years ago, in which he noted that while President Bush (the younger) abused his power and bulked up the surveillance state in secretive ways, when push came to shove, he believed that Bush was proud of doing that. President Obama, on the other hand, seems to be embarrassed about the way he's abused the power of the Presidency, and goes to tremendous lengths to try to hide those abuses and excesses. It's pure speculation on the part of Ellsberg, but it certainly rings true on multiple levels.

But the Obama administration, while declining to comment on the specific order, said the practice was "a critical tool in protecting the nation from terrorist threats to the United States".

Uh, that's really not the point. Under that standard, there is no Constitution. There are lots of things that could be very useful tools in stopping crime and attacks, but we don't allow them because they violate the public's rights. We don't allow the FBI to walk up and down the street, enter every house and search it for weapons, for example. While that might be a "critical tool" in stopping the use of those weapons, it's also incredibly unconstitutional on a whole variety of levels. Saying that it's okay to ignore the 4th Amendment entirely because there are terrorists out there is no excuse at all.

And, of course, as we noted last night, there's nothing new about this. Already it's been confirmed that the order to Verizon was not a special case, but rather a "renewal of an ongoing practice." Senator Feinstein has admitted that this has been going on consistently for the past seven years, and this latest leak is just the "renewal" for another three months. And if anyone thinks that only Verizon got this order and has been doing this for the past seven years, you're not paying attention. As we've noted, we've had multiple whistleblowers who have flat out said that this was happening for years. Mark Klein, who worked at AT&T, revealed in 2006 that he'd helped hook up NSA machines to record all data flowing over the AT&T network. Meanwhile former NSA employee William Binney also blew the whistle on this activity from the NSA side. We've known all of this for years... and no one seemed to care until now.

Even more incredible, is that the NSA has no problem directly lying about all of this. Because last week, before all of this came out, and before the Obama administration 'fessed up to using this "critical tool," General Keith Alexander, the head of the NSA, ridiculously claimed the following:

"The great irony is we're the only ones not spying on the American people," he quipped.

Just days after that was said, we have written proof that this claim is 100% false. So, now, what do we do about it?

from the facts-in-evidence dept

President Barack Obama appears to look at the state secrets privilege in the United States the same way past Presidents have: it's a horrific injustice all the way up to the exact moment when it becomes available to them to use. For instance, after publicly campaigning against the Bush administration's use of state secrets exemptions to block litigation over the Patriot Act, he then leaned on them over something as relatively benign as copyright treaties. When it comes to state secrets, there are two related but slightly different issues at play. First, the government tends to be somewhat paranoid when it comes to classifying information in general. Second, but related, is the fact that state secrets are usually invoked domestically under the idea that United States citizens need to be protected against information coming out in the course of legal proceedings. What you end up with from those two issues is a government that keeps pertinent information hidden from its own constituency, often with that information being over-classified. The results of that intersection can often seem laughably paranoid.

Such is the case in a suit brought against the government by a Malaysian citizen, Rahinah Ibrahim, who had been a student at Stanford when she was denied air travel and detained in San Francisco in 2005, the apparent result of being on the no-fly list. U.S. District Judge William Alsup has sharply diverted from his peers in the case, challenging the government's assertion of state-secrets exemptions for evidence in the case.

In an order issued earlier this month and made public Friday, Alsup instructed lawyers for the government to "show cause" why at least nine documents it labeled as classified should not be turned over to Ibrahim's lawyers. Alsup said he'd examined the documents and concluded that portions of some of them and the entirety of others could be shown to Ibrahim's attorneys without implicating national security.

"After a careful review of the classified materials by the Court, this order concludes that a few documents could potentially be produced with little or no modifications to them," Alsup wrote in an April 2 order (posted here). "This order independently determines that in addition to correspondence between the parties, the two internal training documents are eligible for production to plaintiff’s counsel without implicating national security."

For the most part, Alsup's reasoning appears as banal as it does just. Several of the documents requested by Ibrahim's lawyers are antiquated to the point that their being revealed should pose no danger to national security. This would still be important, since judges as a rule shy away from challenging the White House over classification on national security grounds. Alsup offers his reasons for the challenge, stating that the documents are highly pertinent to the case, that the suit on constitutional grounds is proper, and that the information contained within the documents cannot be obtained anywhere else. In other words, any minimal risk in exposing the documents is trumped by Ibrahim's rights as the plaintif in seeking justice.

But the real highlight of how silly this all can get is that the government is attempting to include correspondence between Ibrahim and the government as classified. This, Judge Alsup points out, simply cannot be the case. Driving the hypocrisy of the matter home is that Attorney General Eric Holder filed a declaration in the case, supporting the states-secrets claims. Holder, it should be noted, is an appointee of President Obama, who promised reforms in the use of state-secrets.

from the get-with-the-program dept

Tim Wu has an excellent article in the New Yorker, talking about the Computer Fraud and Abuse Act (CFAA), and specifically about how it was used against Aaron Swartz, declaring it the worst law in technology. Much of it covers similar ground to what we've covered before, but it also makes some really good points towards the end about how the Obama administration really needs to pull back on its reliance on the law in so many cases. First, he notes that simply relying on "prosecutorial discretion" is not enough, since we've seen that doesn't work:

The broadest provision, 18 U.S.C. §1030(a)(2)(c), makes it a crime to “exceed authorized access, and thereby obtain… information from any protected computer.” To the Justice Department, “exceeding authorized access” includes violating terms of service, and “any protected computer” includes just about any Web site or computer. The resulting breadth of criminality is staggering. As Professor Kerr writes, it “potentially regulates every use of every computer in the United States and even many millions of computers abroad.” You don’t have to be a raving libertarian to think that might be a problem. Dating sites, to borrow an example from Judge Alex Kozinski, usually mandate that you tell the truth, making lying about your age and weight technically a crime. Or consider employer restrictions on computers that ban personal usage, like checking ESPN or online shopping. The Justice Department’s interpretation makes the American desk-worker a felon.

When judges or academics say that it is wrong to interpret a law in such a way that everyone is a felon, the Justice Department has usually replied by saying, roughly, that federal prosecutors don’t bother with minor cases—they only go after the really bad guys. That has always been a lame excuse—repulsive to anyone who takes seriously the idea of a “a government of laws, not men.” After Aaron Swartz’s suicide, the era of trusting prosecutors with unlimited power in this area should officially be over.

He notes (as we have) that it doesn't look like Congress is really taking the matter that seriously yet. But he also notes that we don't have to wait for Congress. The DOJ should make it a stated policy not to interpret the law in such a ridiculous manner.

There is a much more immediate and effective remedy: the Justice Department should announce a change in its criminal-enforcement policy. It should no longer consider terms-of-service violations to be criminal. It can join more than a dozen federal judges and scholars, like Kerr, who adopt a reasonable and more limited interpretation. The Obama Administration’s policy will have no effect on civil litigation, so firms like Oracle will retain their civil remedies. President Obama’s DREAM Act enforcement policy, under which the Administration does not deport certain illegal immigrants despite Congress’s inability to make the act a law, should be the model. Where Congress is unlikely to solve a problem, the Administration should take care of business itself.

All the Administration needs to do is to rely on the ancient common-law principle called the “rule of lenity.” This states that ambiguous criminal laws should be construed in favor of a defendant. As the Supreme Court puts it, “When choice has to be made between two readings of what conduct Congress has made a crime, it is appropriate, before we choose the harsher alternative, to require that Congress should have spoken in language that is clear and definite.” So far, at least thirteen federal judges have rejected the Justice Department’s interpretation of the Computer Fraud and Abuse Act. If that’s not a sign that the law is unclear and should be interpreted with lenity, I don’t know what is.

Failing that -- and we've rarely seen a law enforcement agency take a weapon out of its own arsenal by choice -- Wu suggests that it's President Obama's responsibility to speak up and tell the DOJ to change its policies. He notes, "with just one speech, the President can set things right."

from the urls-we-dig-up dept

The internet is filled with strange memes, but a recurring theme seems to be asking a simple question about "who would win in a fight?" given various outrageous scenarios. Here are just a few amusing examples.

from the techies-vs.-politicians dept

Right after the election, we noted the stories showing how Obama's technology advantage was impressive, while the get-out-the-vote technology that the Romney campaign built up appeared to fail spectacularly. However, there's an interesting post mortem to this, which shows how techies and politicians still usually come from very, very different worlds. The world class team of technologists who helped build up Obama's campaign tech are trying to release their work as open source -- but Democratic Party operatives are trying to keep it secret, believing (almost certainly incorrectly) that this gives them a proprietary advantage:

But in the aftermath of the election, a stark divide has emerged between political operatives and the techies who worked side-by-side. At issue is the code created during the Obama for America (OFA) 2012 campaign: the digital architecture behind the campaign’s website, its system for collecting donations, its email operation, and its mobile app. When the campaign ended, these programmers wanted to put their work back into the coding community for other developers to study and improve upon. Politicians in the Democratic party felt otherwise, arguing that sharing the tech would give away a key advantage to the Republicans. Three months after the election, the data and software is still tightly controlled by the president and his campaign staff, with the fate of the code still largely undecided. It’s a choice the OFA developers warn could not only squander the digital advantage the Democrats now hold, but also severely impact their ability to recruit top tech talent in the future.

The politicians who want to keep it locked up are making a huge mistake for a very large number of reasons that people who are steeped in technology understand. Let's list out some of the ways in which it's stupid to keep this secret:

It basically makes the technology useless. As one of the techies who worked on the project notes, the software "will be mothballed," meaning that four years from now it'll be useless. What the politicians see as keeping an advantage is really just squandering a useful framework.

It completely misunderstands how technology advances and works. No one expects software from today to be the same four years from now. By mothballing the tech, it will mean that the next campaign will effectively be starting from scratch. Open sourcing it would allow additional work to continue on this.

You can learn from others as well. The really shortsighted part is this insistence that open sourcing it "helps the other side." Again, what will be used four years (or even two years) from now will be quite different as the technology advances. And having it open sourced means that lots of folks can jump in and build on the tech in the meantime. And, yes, even Republican techies might work on it, and the Dems can learn from them as well.

Keeping it closed pisses off the techies, who will be less likely to contribute or join the team next time around.

If the Democrats believe they have stronger technologists, then next election they should still be able to make innovations faster than their opponents.

It quite possibly violates some open source licenses, since much of the code was built on open source software, some of which requires any additional work to also be open sourced.

Keeping the tech secret also means that other campaigns (beyond just elections) can't make use of the technology as well, which could actually hurt causes that the Democrats support.

In many ways this is the same old battle we've seen from legacy companies vs. more open upstarts for years. The legacy players think their advantage is in keeping the code secret. The upstarts know that's wrong: the pace of innovation and the rate of change means that by being open you can better keep up and do more. Keeping it closed guarantees stagnation and falling behind.

from the worth-asking dept

As we've discussed in the past, works created by the federal government are automatically in the public domain under section 105 of US copyright law:

Copyright protection under this title is not available for any work of the United States Government, but the United States Government is not precluded from receiving and holding copyrights transferred to it by assignment, bequest, or otherwise.

So... that would suggest that musical works created by the federal government should be in the public domain, right? And... according to the Times of London, the performance of the Star Spangled Banner by Beyonce at President Obama's inauguration, was actually pre-recorded by the Marine Corp. Band, and then lip synced by Beyonce. Last we checked, the Marine Corp. Band is a part of the US government, meaning that recordings it creates should be in the public domain.

This is a request under the Freedom of Information Act. I hereby request the following records:

A copy of the backing track used during Beyonce's Inauguration performance, as well as copies of other backing tracks created in preparation for Inauguration events, whether or not they were actually used.

The existence of these documents was disclosed by a spokeswoman for the Marine Corp Band to The Times of London

The performance by Beyonce could still be covered by copyright, since she is not an employee of the government, but that backing track almost certainly should be in the public domain. Of course, it's unclear to me if, even if the track is in the public domain, the federal government has an obligation to hand it over as part of FOIA request, but it seems like it's at least reasonable to ask.